[ale] Linux 2.2.19 IPCHAINS Firewall + FTP woes

Thomas Holmquist fishy at ipa.net
Thu Jul 24 20:45:05 EDT 2003


No, the only time you need to open up more than one port is when you're 
doing passive FTP, and even then you can tell the FTP daemon to only use 
a small range of ports, so setting a DMZ on your router is not needed.

Dow Hurst wrote:

> Switch to scp.  Don't use ftp to connect to a machine inside your 
> firewall from the Internet.  You need a DMZ or exposed server to 
> provide ftp services.
> Dow
>
>
> Nathan J. Underwood wrote:
>
>> An associate has a linux firewall running RH Linux (kernel 2.2.19),
>> ipchains 1.3.9 to protect a small firm (~5 users).  This has worked
>> well in the past, but now he needs to put an FTP server behind it
>> (currently has webserver, and mail server behind it).  It's been a
>> very long time since I've worked with the 2.2.x kernel, and an
>> ipchains firewall for that matter, but I definitely remember losing
>> some hair over trying to get FTP to work from behind it.  We can get
>> to the box, and log into the FTP server, but we are unable to get a
>> directory listing.  I have verified that ip_masq_ftp is loaded, but
>> lsmod reports that it's unused (see below).  Any ideas?  What am I
>> missing?  Many thanks
>>
>> lsmod
>> Module                  Size  Used by
>> ip_masq_ftp             3740   0  (unused)
>> ip_masq_portfw          2656  48
>>
>>
>>  
>>
>


_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale




